The problem of software piracy is well known in the computer industry. This problem results in substantial losses for software developers. Many methods have been used to try to prevent unauthorized use of software over the years, with limited success. Typically, the effort put out to break protection schemes is proportional to the value of the protected software. Thus, if a software program has high demand, such as a computer game, or has a high cost per unit, such as a professional tool sold to a small market, it is likely to be attacked by software hackers for the purpose of creating an unprotected version of the product. This unprotected version is then made available to others at low cost or free via the Internet or other means.
The impact on developers is substantial. In fact, this problem is so severe in some industries, such as the music recording industry and computer games industry, that some companies are unable to guarantee the profitability of developing new software.
Some of the methods of protecting software from piracy include encryption schemes, digital signatures, and the use of license files of various types. These schemes work fairly well, but typically have a serious weakness if attacked appropriately. This weakness is a single point of validation within the protected software, typically prior to the execution of the main application program code. If this single point can be located and neutralized, no matter how hack-proof the validation process is, once it is disconnected from the application, it is no longer able to perform the desired validation function. Most protection schemes have a single or small number of points, localized in code and usually localized in time of execution prior to, or at the beginning of, the application execution, making it easier for a hacker to locate and neutralize. Additionally, the code used to perform validation is typically identical in every instance for a given method, and thus easy to locate using a pattern-matching search. Once neutralization has been accomplished, the application typically runs correctly with no validation required.
Accordingly, what is needed is an anti-piracy method that runs during the normal execution of the application, validating the software over a period of time rather than prior to the execution of the main application. Additionally, what is needed is a method that allows the validation code to be customized and located in multiple places within the code base, thus increasing the difficulty of any attempts to locate and neutralize it. Finally, what is needed is a method that allows custom variations to the required validation code to prevent location by simple pattern matching of the code. The present invention addresses such a need.